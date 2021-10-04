While typing in my Ubuntu laptop, I was often making mistakes by tapping on touch-pad accidentally. The text cursor (aka caret) jumped to another place, and/or app window lost focus. It made me crazy since the built-in ‘disable touchpad while typing‘ option does not function in my HP laptop. GNOME has the option to disable touchpad while typing, which is enabled out-of-the-box in current Ubuntu releases. Users may access the settings either via ‘/org/gnome/desktop/peripherals/touchpad/’ in Dconf Editor or using Gnome Tweaks tool.

In this tutorial, we will show you how to install Memcached on Debian 11. For those of you who didn’t know, Memcached, the high-performance, distributed memory object caching system, is extremely useful in speeding up dynamic web applications by alleviating database load. This reduces the number of times an external data source must be read, which lowers overheads and speeds up response times. The memory caching software is a free, open-source project that anyone can use. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Memcached on a Debian 11 (Bullseye).

Most GNU/Linux distributions put the /tmp folder (where all sorts of temporary files the OS needs to have around for a little while go, as the name implies) on a RAM drive, using tmpfs. Debian, it appears, doesn’t. Having /tmp mounted on an SSD in a modern computer will cause many unnecessary writes to the SSD and will contribute to the drive wearing out too quickly. I did some investigating and the Debian Wiki gives two ways to enable /tmp on a RAM drive. You can either edit /etc/fstab by hand, but it’s easier to screw something up if you do, or you can just let systemd handle it. Since systemd has a service for this, why not just let it do that? Open a terminal: sudo cp /usr/share/systemd/tmp.mount /etc/systemd/system/ sudo systemctl enable tmp.mount After that, you can reboot and the OS should just clear the temp folder, come back up, and mount /tmp on tmpfs. You can verify this with: mount | grep /tmp It should say something like: tmpfs on /tmp type tmpfs (rw,nosuid,nodev,nr_inodes=409600) I hate systemd. God knows we’ve had much more trouble out of it than it was ever worth, and Debian should have known better than to bring it in. I would have much preferred Upstart.

Icinga 2 is a free and open source monitoring tool designed to be scalable and extensible. Icinga 2 checks the availability of your network resources, notifies users of outages, and generates performance data for reporting. We can monitor large and complex environments across multiple locations using Icinga2. We can also setup Icinga2 with high availability clusters with a distributed setup for large / complex environments. In this guide we will learn how to install and configure Icinga 2 and Icinga Web 2 on CentOS 8.

A compressed cache, or Zswap, sitting between your physical memory and your SWAP partition can yield benefits, whether you have a lot of RAM, or very little. In the case of a low memory system, you risk running out, swap thrashing, and either lots of unnecessary writes to an SSD (which only have so many before they’re finished) or swapping out to a hard drive, which is terribly slow. In the case of a large memory system, well, it’s still not a good idea to run without a SWAP partition, because your needs can always be bigger than the amount of RAM available. The OOM-KILLER (or to a lesser extent EarlyOOM) is not your friend. If you run out of memory and there is no swap available, the OOM-KILLER (or the iron fist in a velvet glove, EarlyOOM) fires up and starts KILLING (hence the name) things that it thinks will help keep the system up. On a desktop, this could be literally anything, although it’s always more likely to be something that’s using a ton of memory.

rkhunter (Rootkit Hunter) is is an open-source Unix/Linux based security monitoring and analyzing tool. It is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. rkhunter is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD. rkhunter is notable due to its inclusion in popular OS (Fedora, Debian, etc.) The tool has been written in Bourne shell, to allow for portability. It can run on almost all UNIX-derived systems. This article will help you with the installation and config. rkhunter.

Shoutcast is proprietary software that is being used to stream media over the Internet, especially used in music live streaming by the radio stations on Internet. It is specially for creating or listening to Internet audio broadcasts. Shoutcast allows us to broadcast a stream of music to the remote client connected to the server. Once Shoutcast is in your server, you can use media players like Winamp or Mixxx to connect to a streaming server and broadcast audio playlists to the Internet. This tutorial covers installation of Shoutcast on CentOS 8.

Linux kernel 5.14 is out and is famous for testing out with many new features, support, and security. The Linux 5.14 kernel release has gone through seven release candidates over the last two months and benefits from the contributions of 1,650 different developers. Those that contribute to Linux kernel development include individual contributors and prominent vendors like Intel, AMD, IBM, Oracle, and Samsung.

WordPress is considered one of the best and easiest content management system (CMS) tools. It doesn’t require any coding skills and web-developing skills to get started with WordPress. There are many ways to install the WordPress CMS on a server to localhost, and some of them are easy, and others are a bit trickier. You can set up WordPress with Ansible despite the conventional method of installing WordPress and other CMS applications. Moreover, Ansible is available for Windows, Mac, and Linux.

One of the great virtues of open-source software – which is that anyone can contribute – is also one of its greatest weaknesses. The issue is that supply-chainlike process by which projects involving multiple contributors come together is based to a large degree on faith that no one will introduce malicious code or backdoors that sabotage a project. As open source has increasingly worked its way into commercial and enterprise applications, however, some people see the reliance on trust as a vulnerability. Kim Lewandowski and Dan Lorenc of Google LLC’s open-source security team recently noted that the process of installing most open-source software today “is equivalent to picking up a random thumb-drive off the sidewalk and plugging it into your machine.”

Security Leftovers Google Allocates $ 1 Million to Work to Improve the Security of Open Source Software [Ed: More of a corporate PR stunt from a company that spies on everybody and puts back doors in things] Google introduced the Secure Open Source (SOS) initiative, which will provide bonuses for work related to hardening critical open source software. A million dollars have been allocated for the first payments, but if the initiative is recognized as successful, the investment in the project will continue.

Google stakes new Secure Open Source rewards program for developers with $1M seed money As part of Google's recently announced $10 billion commitment to cybersecurity defense, the company announced Friday the sponsorship for the Secure Open Source (SOS) Rewards pilot program run by the Linux Foundation.

Exclusive Interview with CrowdSec CEO Philippe Humeau With the widespread adoption of cloud and container infrastructure, protecting servers, services, containers and virtual machines exposed on the Internet with a reliable, intelligent intrusion prevention system is more important than ever. Cloud-native environments foster rapid growth and innovation, but also introduce an element of added complexity, along with new security challenges. Recently, LinuxSecurity researchers had the opportunity to speak with CrowdSec CEO Philippe Humeau about modern cyber risk, CrowdSec’s unique and advantageous community-powered approach to intrusion prevention with an extremely accurate IP reputation system, what users can expect from the latest CrowdSec release, what the future holds for CrowdSec, and more! We’re excited to share key insights and highlights from this exclusive interview with our readers to help them better understand the modern cyber threat landscape and how they can bolster their intrusion prevention strategy to prevent attacks.

Virtual Panel: DevSecOps and Shifting Security Left [Ed: Will more buzzwords and cargo cults make us safer?]

Thank you, SonarSource - openSUSE admin - openSUSE Project Management Tool There are times, when keeping your system up-to date does not help you against vulnerabilities. During these times, you want to have your servers and applications hardened as good as possible - including good Apparmor profiles. But even then, something bad can easily happen - and it's very good to see that others take care. Especially if these others are professionals, that take care for you, even if you did not ask them directly. Tuesday, 2021-08-31, was such a day for our openSUSE infrastructure status page: SonarSource reported to us a pre-auth remote code execution at the https://status.opensuse.org/api/v1/incidents endpoint. SonarSource, equally driven by studying and understanding real-world vulnerabilities, is trying to help the open-source community to secure their projects. They disclosed vulnerabilities in the open-source status page software Cachet - and informed us directly - that our running version is vulnerable to CVE-2021-39165. Turned out that the Cachet upstream project is meanwhile seen as dead - at least it went out of support by their original maintainers since a while. It went into this unsupported state unnoticed by us - and potentially also unnoticed by many others. A problem, that many other, dead open source projects sadly share.